What is Secure Scanning Optimization (SSO)?

book

Article ID: 177517

calendar_today

Updated On:

Products

Mail Security for Domino

Issue/Introduction

What does the SSO option do, and how can it effect my Domino databases?

Symptoms
Enabling SSO causes all emails and documents to be modified.


Cause

SSO (Secure Scanning Optimization) is an important new feature in Mail Security for Domino 7.5. This feature will eliminate the need for redundant scans and thereby improve the performance of scanning. This feature is very useful in situations where you want to repeatedly scan for antivirus through manual / scheduled scans, as long as the correct settings are used. If SSO is not disabled in the manual / scheduled scans all documents / databases will be modified, causing unnecessary work for the Domino servers. This feature applies a tag/stamp to mails and documents with attachments, that are found to be clean after a scan. It encrypts the tag with the user defined key. This key ensures that the definition tag cannot be spoofed by any malicious attacker. When a subsequent scan occurs, SMSDOM detects this tag and verifies it's contents. If the content is the same of what was tagged, antivirus scanning is then skipped on the document / email. Unclean documents are not tagged, and Tags are removed from the document if the document is found unclean after a re-scan.

Resolution

To Enable the SSO feature, in the Group document of the Symantec Mail Security Settings database, click the Configuration | Auto-Protect, and select Enable Secure Scanning Optimization.
Under the Scanning Optimization Key, type a 16 character key. These characters must be letters and numbers only. Select Save to save the settings.

If your company requires or wishes to perform manual or schedule scans, you may wish to select the Ignore Secure Scanning Optimization under the Scan | What to scan fields

With the Ignore Secure Scanning Optimization selected for the manual / scheduled scans, all databases and documents are scanned for viruses but are not modified with a new SSO tag/

Note: If your system is set to only use SSO for inbound email scanning to eliminate redundant scans as the message is passed through the network, you may wish to ensure you disable the SSO options within the manual and scheduled scans. When the manual and scheduled scans begin to scan all the databases / documents for viruses and the SSO is not disabled, it will modify all documents with the current SSO tag, causing undesired modifications and replications through all databases.